A Sequim couple got a surprise recently when they learned that their car was under the control of a complete stranger.
“Uh oh. It’s starting to do things,” Lucy Langdon said as she sat in the passenger seat of her 2013 Ford Fusion.
“That’s pretty interesting, huh?” said her husband Richard Gibbs from the driver’s seat.
KING 5 showed the couple how their car was being controlled by a man who was miles away in Seattle.
“The seats are warming,” said Richard. “The seats are warming, you’re right,” came his wife’s reply.
Their Fusion is a “connected” car. It comes with software and computers that allow it connect to the same networks used by smartphones and computers. Connected cars include many features that today’s buyers demand, such as on-board wi-fi hotspots, movie and music streaming, and internet access.
Connected cars can also send your car’s performance and maintenance data directly to the manufacturer. But they also open a window for someone to take control of your car.
From Seattle, Brett Kappenman was able to unlock the doors of Lucy and Richard’s Fusion, turn on the electric hybrid’s motor and then turn it off.
“What I’m going to do is go ahead and click on the ‘start’ button. What that does is it sends a signal via this website all the way out to the vehicle,’ Kappenman said as he demonstrated the Fusion’s remote controls from his laptop in a KING 5 meeting room.
Kappenman was also able to use the Fusion’s GPS tracking software to identify the car’s exact location at any time.
“I can actually get an email or text notification that that vehicle is in motion,” said Kappenman.
Using that feature, the KING 5 Investigators were able to track the Fusion right to Rick and Lucy’s doorstep in Sequim.
“In the wrong hands, it doesn’t seem like that information should be out there,” Richard said when contacted by KING 5.
Kappenman may be a stranger to Rick and Lucy, but he’s no stranger to their car: He’s the former owner. He said he was surprised after trading the car in last year to find that his remote access to the vehicle was still active.
“I don’t really need to see all this information (anymore),” Kappenman said. “I wanted to share this information with people and let them know this capability is out there,” he said.
“I didn’t really sign up for this, I don’t want to be able to remotely start my car,” said Rick, who had no idea that the Fusion had all those features that could be remotely controlled.
Even the dealership that took in Kappenman’s car – and sold it to Rick and Lucy – wasn’t sure how to wipe the vehicle clean of a former owner’s information.
The owner of Sound Ford in Renton said he’s looking into how to do a better job of protecting people’s private information.
“We’re looking into it now, because it is the future,” said owner Rich Snyder when contacted by KING 5.
Even though Kappenman is no stranger to the Fusion, his ability to control the car highlights the risks of hacking into modern automobiles.
In February, Seattle computer security expert Craig Smith showed the KING 5 Investigators how it may be possible to hack into most internet connected cars.
“I intentionally didn’t want to make a ‘how-to’ on any specific make or model,” said Smith as he put on a demonstration for KING 5. Smith showed that he was able to remotely start a car, and turn on the windshield wipers and headlights.
The possibilities seem more theoretical that practical at this point. An association that represents car manufacturers says it is not aware of one documented case of a car hack.
AAA says consumers should educate themselves about what the computers in their car are capable of doing, and how to protect that information.
“It’s kind of the wild west. We’re still in that very early learning stage. So manufacturers need to be concerned with this from a consumer perspective,” said AAA’s Jennifer Cook in Bellevue.
Even though dealerships may not be aware, a Ford Motor Company spokesperson says there is a way for consumers to wipe personal information out of a car’s databases – much like they would do with a computer.
In a statement to KING 5, Ford’s Hallie Robinson says the vehicles have a master reset feature: “…we recommend performing a Master Reset as a way to both delete data stored in the vehicle and to disconnect MyFord Mobile features before a vehicle changes hands.”
She said more detailed information can be found online at www.myfordmobile.com. Read Ford’s full statement:
“MyFord Mobile provides services that allow electric vehicle customers, through a mobile phone or web application, to opt in to access features such as charge stati
“Ford is committed to protecting our customers’ privacy by empowering customer choice. Similar to the way that cell phones enable users to delete data and disconnect services before the phone is sold or discarded, we recommend performing a Master Reset as a way to both delete data stored in the vehicle and to disconnect MyFord Mobile features before a vehicle changes hands. If an owner chooses not to perform a Master Reset before selling a vehicle, the new owner receives an alert on the vehicle screen indicating that MyFord Mobile is active. We strive to make it easy for customers to find the instructions for deleting data and disconnecting the features by providing the information in multiple places, depending on model and model year vehicle, including: vehicle owner guides, the MyFord Mobile app terms, and the myfordmobile.com website. A customer can also contact our Customer Relationship Center for help.”on finder, trip planner, and battery charge status.
View the original content and more from this author here: http://ift.tt/1S8sdie
from hacker samurai http://ift.tt/1C1nHcb
via IFTTT
No comments:
Post a Comment